From 340389a54d9751937b411b839f7cb37de5aedf3f Mon Sep 17 00:00:00 2001
From: Agent Isai <43097272+AgentIsai@users.noreply.github.com>
Date: Sat, 5 Oct 2024 00:21:57 -0500
Subject: [PATCH] Check mw* servers directly for SSL

---
 modules/monitoring/manifests/init.pp      |  5 +++++
 modules/monitoring/templates/ssl.conf.erb | 11 +++++++++++
 2 files changed, 16 insertions(+)

diff --git a/modules/monitoring/manifests/init.pp b/modules/monitoring/manifests/init.pp
index d3d1c48287..f1191df572 100755
--- a/modules/monitoring/manifests/init.pp
+++ b/modules/monitoring/manifests/init.pp
@@ -208,6 +208,11 @@
     $redirects = loadyaml('/etc/puppetlabs/puppet/ssl-cert/redirects.yaml')
     $sslcerts = $ssl + $redirects
 
+    $servers = query_nodes('Class[Role::Mediawiki]')
+        .flatten()
+        .unique()
+        .sort()
+
     file { '/etc/icinga2/conf.d/ssl.conf':
         ensure  => 'present',
         content => template('monitoring/ssl.conf.erb'),
diff --git a/modules/monitoring/templates/ssl.conf.erb b/modules/monitoring/templates/ssl.conf.erb
index e3c2c61dcd..deda7ef539 100755
--- a/modules/monitoring/templates/ssl.conf.erb
+++ b/modules/monitoring/templates/ssl.conf.erb
@@ -17,6 +17,17 @@ apply Service "m.miraheze.org - LetsEncrypt" {
   assign where "sslchecks" in host.groups
 }
 
+<% @servers.each do |server| -%>
+  apply Service "<%= server %> SSL Check" {
+    import "generic-service"
+    check_command = "check_ssl_expire"
+    check_interval = 30m
+    notes_url = "https://meta.miraheze.org/wiki/Tech:Icinga/MediaWiki_Monitoring#SSL_Validity_Checks"
+    vars.host = "<%= server %>"
+    vars.time = "30"
+    assign where "sslchecks" in host.groups
+  }
+
 <% @sslcerts.each_pair do | name, property | -%>
 apply Service "<%= property['url'] %> - <%= property['ca'] %>" {
   import "generic-service"